CN107196972A - An authentication method and system, terminal and server - Google Patents


Publication number
CN107196972A
Authority
CN
China
Prior art keywords
terminal
certification
characteristic information
cryptographic hash
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710591304.3A
Other languages
Chinese (zh)
Other versions
CN107196972B (en
Inventor
李�远
王继武
张红喜
付昕
王安定
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Bank of China Ltd
Priority to CN201710591304.3A
Publication of CN107196972A
Application granted
Publication of CN107196972B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

This application provides an authentication method and system, a terminal and a server. The authentication method includes: sending to a server an authentication request that contains an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server; extracting the characteristic information of the terminal and performing a hash operation on it to obtain the hash value of the characteristic information; performing a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value; and sending the salted hash value to the server so that the server uses it for authentication. The application uses terminal characteristics to verify whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's device cannot pass authentication even after intercepting a normal user's SMS message and obtaining the verification code.

Description

An authentication method and system, terminal and server
Technical field
The present application relates to the field of communication technology, and in particular to an authentication method and system, a terminal and a server.
Background
The rapid development and wide use of mobile communication technology has brought great convenience to people's lives, but it has also brought many security risks. For example, user identity has to be authenticated in many situations; at present a verification code is usually sent to the user's terminal by SMS, and the code is used to verify whether the user is a legitimate user.
However, because the wireless channel is open, an abnormal user (attacker) can use suitable receiving equipment to intercept the terminal's SMS message, pass authentication with the verification code it contains, and then impersonate the legitimate user to harm the normal user's interests.
Summary of the invention
In view of this, the present application provides an authentication method and system in which the characteristic information of the terminal is used to verify whether the current user has the right to use the terminal. An abnormal user who does not have the terminal access right therefore cannot pass authentication even after intercepting a normal user's SMS message and obtaining the verification code.
To achieve these goals, the present application provides the following technical features:
An authentication method, including:
sending to a server an authentication request that contains an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server;
extracting the characteristic information of the terminal, and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information;
performing a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value;
sending the salted hash value to the server, so that the server uses the salted hash value for authentication.
Optionally, before sending to the server the authentication request that contains the authentication flag indicating a non-first authentication, the method further includes:
judging whether the terminal is authenticating for the first time;
if it is not a first authentication, generating an authentication request that contains an authentication flag indicating a non-first authentication, where the authentication request also includes a user identifier.
Optionally, the method further includes:
if it is a first authentication, generating an authentication request that contains an authentication flag indicating a first authentication, where the authentication request also includes the user identifier;
sending the authentication request containing the first-authentication flag to the server, and performing a forced authentication operation with the server;
extracting the characteristic information of the terminal, and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information;
sending the user identifier and the hash value of the characteristic information to the server, so that the server adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal access right relation.
Optionally, the method further includes:
receiving and displaying the authentication result sent by the server.
An authentication method, including:
receiving an authentication request sent by a terminal, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time;
when it is determined from the authentication flag that the request is not the terminal's first authentication request, generating a verification code and sending the verification code to the terminal;
looking up, in the terminal access right relation, the hash value of the characteristic information that corresponds to the user identifier, where the terminal access right relation contains a one-to-one correspondence between each user identifier and the hash value of each item of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use;
performing a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value;
comparing this salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
Optionally, after receiving the authentication request sent by the terminal, the method further includes:
when it is determined from the authentication flag that the request is the terminal's first authentication request, performing a forced authentication operation with the terminal.
Optionally, after performing the forced authentication operation with the terminal, the method further includes:
receiving the hash value of the characteristic information and the user identifier sent by the terminal;
adding the correspondence between the hash value of the characteristic information and the user identifier to the terminal access right relation.
A terminal, including:
a communication module, configured to send to a server an authentication request that contains an authentication flag indicating a non-first authentication, to obtain the verification code sent by the server, and to send the salted hash value computed by the processor to the server so that the server uses the salted hash value for authentication;
a processor, configured to extract the characteristic information of the terminal, perform a hash operation on the characteristic information to obtain the hash value of the characteristic information, and perform a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain the salted hash value.
A server, including:
a communication module, configured to receive an authentication request sent by a terminal, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time, and to send an authentication result to the terminal;
a processor, configured to: when it is determined from the authentication flag that the request is not the terminal's first authentication request, generate a verification code and send the verification code to the terminal; look up, in the terminal access right relation, the hash value of the characteristic information that corresponds to the user identifier, where the terminal access right relation contains a one-to-one correspondence between each user identifier and the hash value of each item of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use; perform a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value; and compare this salted hash value with the salted hash value sent by the terminal to obtain the authentication result.
An authentication system, including:
a terminal, configured to send to a server an authentication request that contains an authentication flag indicating a non-first authentication, and to obtain the verification code sent by the server, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; to extract the characteristic information of the terminal and perform a hash operation on it to obtain the hash value of the characteristic information; to perform a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value; to send the salted hash value to the server; and to receive the authentication result sent by the server;
a server, configured to receive the authentication request sent by the terminal; when it is determined from the authentication flag that the request is not the terminal's first authentication request, to generate a verification code and send it to the terminal; to look up, in the terminal access right relation, the hash value of the characteristic information that corresponds to the user identifier, where the terminal access right relation contains a one-to-one correspondence between each user identifier and the hash value of each item of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use; to perform a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value; and to compare this salted hash value with the salted hash value sent by the terminal and send an authentication result to the terminal according to the comparison result.
The above technical means achieve the following beneficial effects:
The application uses the characteristic information of the terminal to verify whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's terminal cannot pass authentication even after intercepting a normal user's SMS message and obtaining the verification code. In addition, the user still only has to enter the verification code, so the user experience is not affected.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of an authentication system disclosed in an embodiment of the present application;
Fig. 2 is a flow chart of an authentication method disclosed in an embodiment of the present application;
Fig. 3 is a flow chart of another authentication method disclosed in an embodiment of the present application;
Fig. 4 is a structural diagram of a terminal disclosed in an embodiment of the present application;
Fig. 5 is a structural diagram of a server disclosed in an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of the application.
To help those skilled in the art understand the application scenario, and referring to Fig. 1, the application provides an authentication system that includes a terminal 100 and a server 200.
According to one embodiment of the application, an authentication method is provided based on the authentication system shown in Fig. 1. Referring to Fig. 2, it includes the following steps:
Step S201: Terminal 100 judges whether this is a first authentication.
A client of an application is usually installed on the terminal. It can be understood that server 200 corresponds to client 100. For example, taking Bank of China as an example, client 100 is the "Bank of China" client and, correspondingly, server 200 is the "Bank of China" server.
When the client in terminal 100 performs certain operations (for example, sensitive operations such as a registration operation, a payment operation or a transfer operation), the current user has to be authenticated. In this case, the client in terminal 100 judges whether this is a first authentication.
The client in terminal 100 holds an authentication flag, which indicates whether the client has already been authenticated on server 200.
For example, taking a flag bit as the authentication flag: when the flag is "1", terminal 100 has already been authenticated on server 200, and this authentication to server 200 is not a first authentication. When the flag is "0", terminal 100 has not yet been authenticated on server 200, and this authentication to server 200 is a first authentication.
Terminal 100 can judge whether this is a first authentication from the authentication flag stored in the client.
Step S202: If it is a first authentication, generate an authentication request that contains an authentication flag indicating a first authentication, where the authentication request also includes the user identifier.
If the authentication flag indicates that the terminal is authenticating for the first time, an authentication request containing the authentication flag is generated, the flag indicating a first authentication to the server. The authentication request also includes the identifier of the user logged in to the client.
Step S203: Terminal 100 sends the authentication request containing the first-authentication flag to server 200.
Step S204: Server 200 receives the authentication request containing the first-authentication flag sent by terminal 100 and, when it determines from the authentication flag that the request is the terminal's first authentication request, performs a forced authentication operation with the terminal.
Server 200 receives the authentication request sent by terminal 100 and learns from the authentication flag in the request that terminal 100 is authenticating for the first time and has not been authenticated on server 200 before. For this authentication, server 200 and terminal 100 perform a forced authentication operation.
The forced authentication operation can be any existing authentication operation; for example, server 200 sends a verification code to terminal 100 for authentication. This process is mature technology and is not described further here.
Step S205: Terminal 100 extracts the characteristic information of the terminal, performs a hash operation on it to obtain the hash value of the characteristic information, and sends the user identifier and the hash value of the characteristic information to server 200.
After terminal 100 and server 200 have performed the forced authentication operation, terminal 100 can extract the characteristic information of the terminal. Characteristic information is information that uniquely identifies the terminal, for example the terminal's International Mobile Equipment Identity (IMEI) or the terminal's frame number.
The characteristic information of the terminal is obtained so that the characteristic information and the verification code can together be used to check whether the current user logged in to the client is a legitimate user. Because the verification code issued by server 200 is easily stolen, the application adds the characteristic information of the terminal on top of the verification code.
Under normal circumstances, the terminal used by a legitimate user stays largely the same, so the characteristic information of the terminal can indicate whether the current user logged in to the client has the right to use the terminal.
For example, if the current user of the client usually logs in from the terminal whose characteristic information is A, the current user has the right to use the terminal whose characteristic information is A. If the current user logs in from a terminal whose characteristic information is B, the current user does not have the right to use the terminal whose characteristic information is B.
Terminal 100 can send the characteristic information of the terminal directly to server 200 for server 200 to store.
Typically, however, to improve transmission efficiency and to keep the characteristic information from being stolen, a hash operation is performed on the characteristic information of the terminal to obtain its hash value. The hash value has fewer bytes than the characteristic information, which improves transmission efficiency. Moreover, once the characteristic information has been hashed it is no longer transmitted over the network in plaintext, which protects the characteristic information of the terminal.
Step S206: Server 200 receives the user identifier and the hash value of the characteristic information, and adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal access right relation.
Server 200 holds the terminal access right relation, which contains the correspondence between each user identifier and the hash value of its characteristic information. Taking one correspondence as an example: if user identifier A corresponds to hash value A of the characteristic information, then user identifier A has the right to use the terminal that corresponds to that characteristic information.
According to another embodiment of the application, a further authentication method is provided based on the authentication system shown in Fig. 1. Referring to Fig. 3, it includes the following steps:
Step S301: Terminal 100 sends to server 200 an authentication request that contains an authentication flag indicating a non-first authentication.
If terminal 100 judges from the authentication flag in the client that this is not a first authentication, it generates an authentication request containing the authentication flag, the flag indicating a non-first authentication to the server. The authentication request also includes the identifier of the user logged in to the client.
Step S302: Server 200 receives the authentication request containing the authentication flag that indicates a non-first authentication and, when it determines from the authentication flag that the request is not the terminal's first authentication request, generates a verification code and sends it to the terminal.
Server 200 receives the authentication request sent by terminal 100 and learns from the authentication flag in the request that terminal 100 is not authenticating for the first time. The new authentication mode can therefore be used: double verification with the characteristic information of the terminal and the verification code.
Server 200 therefore first generates a verification code. There are many ways to generate a verification code and all are mature technology, so they are not described further here.
Step S303: Server 200 looks up, in the terminal access right relation, the hash value of the characteristic information that corresponds to the user identifier, and performs a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value.
As the embodiment shown in Fig. 2 shows, the terminal access right relation contains a one-to-one correspondence between each user identifier and the hash value of each item of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use.
Server 200 obtains the user identifier from the authentication request and looks up, in the terminal access right relation, the hash value of the characteristic information that corresponds to that user identifier.
The salted hash operation can be: hash operation (verification code + salt value) = hash value. That is, server 200 takes the hash value of the characteristic information as the salt value, combines the salt value with the verification code, and performs a hash operation on the combined data to obtain the salted hash value.
Step S304: Terminal 100 receives the verification code sent by the server, extracts the characteristic information of the terminal, and performs a hash operation on it to obtain the hash value of the characteristic information; it then performs a salted hash operation on the verification code, with the hash value of the characteristic information as the salt value, to obtain a salted hash value, and sends the salted hash value to server 200.
The procedure on terminal 100 is similar to that of step S303 and is not described again here.
Step S305: Server 200 compares the salted hash value it has computed with the salted hash value sent by the terminal, and sends an authentication result to the terminal according to the comparison result.
Server 200 computes a salted hash value from the stored hash value of the characteristic information and the verification code, and uses this salted hash value as the basis for authentication.
Terminal 100 extracts the characteristic information of the terminal, obtains the hash value of the characteristic information, computes a salted hash value from that hash value and the verification code it received, and uses this salted hash value as the authentication credential.
Server 200 compares the two salted hash values. If they are consistent, the user has the terminal access right and the verification code was entered correctly, so the current user passes authentication as a legitimate user.
If the two salted hash values are not consistent, either the current user does not have the terminal access right or the verification code was entered incorrectly, so the current user fails authentication and is treated as an illegitimate user.
Server 200 sends the authentication result to terminal 100.
Step S306: Terminal 100 receives and displays the authentication result.
The two embodiments above show that the application has the following advantages:
Compared with the prior-art approach of using the verification code directly, when an attacker intercepts the user's SMS message and learns the verification code, the attacking terminal still cannot obtain the characteristic information of the normal terminal, so the attacking terminal does not have the access right of the legitimate device. That is, the attacking terminal cannot supply the salt value needed for the salted hash operation and therefore cannot compute the correct salted hash value (the authentication credential).
This embodiment uses the hash value of the device information as the salt value. Because the hash values cannot be exhaustively enumerated, the method effectively prevents an attacker from passing authentication as long as the eavesdropper does not have the right to use the corresponding terminal and the characteristic information has not been leaked. Moreover, using the hash value of the characteristic information as the salt value is safer than using the characteristic information directly, and prevents the characteristic information from leaking.
In addition, the user still only has to enter the verification code, so the user experience is not affected.
An application example is described below:
When the client of terminal 100 judges that this is a first authentication, it initiates an authentication request to server 200 and the two sides perform the forced authentication operation to establish a secure and reliable channel. On this basis, terminal 100 reads the IMEI of the terminal as the characteristic information, computes the hash value S of the characteristic information, and sends it to server 200. The server stores the user identifier together with the corresponding value S.
Terminal 100 initiates an authentication request to server 200, and server 200 issues a verification code by SMS. Terminal 100 reads the IMEI of the terminal and performs a hash operation to obtain the hash value S'; with S' as the salt value, it performs a hash operation on the received verification code to obtain the authentication credential H', and sends H' to server 200.
Server 200 looks up the value S that corresponds to the user identifier and uses it as the salt value, performs a hash operation on the verification code it generated to obtain the authentication credential H, and compares H with H'. If they are identical, authentication succeeds; if they differ, authentication fails.
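The enrollment and authentication exchange of the application example above, written out for both sides as an added example; it is not code from the patent. SHA-256, string concatenation as the way of combining code and salt, the six-digit code, the single-use handling of a code, all class and function names, and the IMEI values (constructed) are assumptions.

```python
import hashlib
import hmac
import secrets


def feature_hash(feature_info: str) -> str:
    """S = Hash(characteristic information). SHA-256 is an assumption."""
    return hashlib.sha256(feature_info.encode()).hexdigest()


def salted_hash(code: str, salt: str) -> str:
    """Hash(verification code + salt value), the form given in the description."""
    return hashlib.sha256((code + salt).encode()).hexdigest()


class Server:
    def __init__(self):
        self.access_rights = {}  # terminal access right relation: user id -> S
        self.pending = {}        # user id -> verification code awaiting a reply

    def store_feature_hash(self, user_id: str, s: str) -> None:
        # Step S206. The forced authentication of step S204 is assumed to
        # have succeeded already and is not modelled here.
        self.access_rights[user_id] = s

    def handle_request(self, user_id: str, flag: str):
        if flag == "0":
            return None  # first authentication: forced-authentication path
        code = f"{secrets.randbelow(10**6):06d}"  # six digits is an assumption
        self.pending[user_id] = code
        return code  # in the patent this value travels to the user by SMS

    def verify(self, user_id: str, h_prime: str) -> bool:
        # Assumption: a code is consumed by the first verification attempt.
        code = self.pending.pop(user_id, None)
        s = self.access_rights.get(user_id)
        if code is None or s is None:
            return False
        h = salted_hash(code, s)                # server-side credential H
        return hmac.compare_digest(h, h_prime)  # constant-time comparison


class Terminal:
    def __init__(self, user_id: str, imei: str):
        self.user_id = user_id
        self.imei = imei   # characteristic information
        self.flag = "0"    # "0" = not yet authenticated on the server

    def enroll(self, server: Server) -> None:
        # Step S205: send the user identifier and S, then remember the state.
        server.store_feature_hash(self.user_id, feature_hash(self.imei))
        self.flag = "1"

    def credential(self, code: str) -> str:
        # Step S304: H' = Hash(code + S'), with S' recomputed on the device.
        return salted_hash(code, feature_hash(self.imei))


def run_demo() -> dict:
    server = Server()
    phone = Terminal("user-A", "350000000000017")  # constructed IMEI
    other = Terminal("user-A", "350000000000025")  # different device, constructed
    out = {}

    # First authentication: no verification-code round is started.
    out["first_request_code"] = server.handle_request(phone.user_id, phone.flag)
    phone.enroll(server)

    # Later authentication from the enrolled terminal.
    code = server.handle_request(phone.user_id, phone.flag)
    h_prime = phone.credential(code)
    out["legitimate"] = server.verify("user-A", h_prime)
    # The same credential presented again finds no pending code.
    out["replayed_credential"] = server.verify("user-A", h_prime)

    # The code is known to a terminal whose characteristic information differs.
    code = server.handle_request("user-A", "1")
    out["intercepted_code_other_terminal"] = server.verify(
        "user-A", other.credential(code))
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The comparison only proves knowledge of S, so the protection holds under the precondition the description states: the characteristic information has not been leaked. An IMEI is 15 decimal digits, so anyone who learns it can recompute S.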
Referring to Fig. 4, present invention also provides a kind of terminal, including:
Communication module 101, for sending the certification request for including the certification mark for representing non-certification first to server, and Obtain the identifying code that the server is sent;Processor is calculated into obtain plus salt cryptographic Hash to send to the server, so as to Salt cryptographic Hash is added to be authenticated described in the server by utilizing;
Processor 102, the characteristic information for extracting terminal performs hashing operation to the characteristic information and obtains feature letter The cryptographic Hash of breath;Perform plus salt hashing operation, added with reference to the identifying code by salt figure of the cryptographic Hash of the characteristic information Salt cryptographic Hash.
Referring to Fig. 5, the application also provides a kind of server, including:
Communication module 201, certification request is sent for receiving terminal;Wherein, the certification request include user mark and Whether be the certification mark that is first authenticated, authentication result is sent to terminal if representing terminal;
Processor 202, for being authenticated first in the case of request determining that the terminal is non-based on certification mark, Generate identifying code and send the identifying code to the terminal;In terminal access right relation, search and identified with the user The cryptographic Hash of corresponding characteristic information;Wherein, the terminal access right relation includes each user mark and each feature letter The cryptographic Hash one-to-one relationship of breath, the cryptographic Hash of the characteristic information is by identifying the feature of the terminal of access right with user Information is obtained after performing the first hashing operation;Using the cryptographic Hash of the characteristic information as salt figure, performed with reference to the identifying code Plus salt hashing operation, obtain plus salt cryptographic Hash;This plus salt cryptographic Hash are sent with terminal plus salt cryptographic Hash is compared acquisition Authentication result.
If the functions described in the method of this embodiment are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the present application that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the software product is stored in a storage medium and includes several instructions that cause a computing device (which may be a personal computer, a server, a mobile computing device, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An authentication method, characterized by comprising:
sending to a server an authentication request containing an authentication flag indicating non-first authentication, and obtaining the verification code sent by the server;
extracting the characteristic information of the terminal, and performing a hashing operation on the characteristic information to obtain the hash value of the characteristic information;
performing a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value;
sending the salted hash value to the server, so that the server performs authentication using the salted hash value.
2. The method according to claim 1, characterized in that, before sending to the server the authentication request containing the authentication flag indicating non-first authentication, the method further comprises:
judging whether the terminal is authenticating for the first time;
if it is not the first authentication, generating the authentication request containing the authentication flag indicating non-first authentication, wherein the authentication request also includes a user identifier.
3. The method according to claim 2, characterized by further comprising:
if it is the first authentication, generating an authentication request containing an authentication flag indicating first authentication, wherein the authentication request also includes the user identifier;
sending to the server the authentication request containing the first-authentication flag, and performing a forced authentication operation with the server;
extracting the characteristic information of the terminal, and performing a hashing operation on the characteristic information to obtain the hash value of the characteristic information;
sending the user identifier and the hash value of the characteristic information to the server, so that the server adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal access-right relation.
4. The method according to claim 1, characterized by further comprising:
receiving and displaying the authentication result sent by the server.
5. An authentication method, characterized by comprising:
receiving an authentication request sent by a terminal, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time;
when it is determined, based on the authentication flag, that the terminal's request is a non-first authentication request, generating a verification code and sending the verification code to the terminal;
looking up, in the terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that has access rights for the user identifier;
performing a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value;
comparing this salted hash value with the salted hash value sent by the terminal, and sending the authentication result to the terminal according to the comparison result.
6. The method according to claim 5, characterized in that, after receiving the authentication request sent by the terminal, the method further comprises:
when it is determined, based on the authentication flag, that the terminal's request is a first authentication request, performing a forced authentication operation with the terminal.
7. The method according to claim 6, characterized in that, after performing the forced authentication operation with the terminal, the method further comprises:
receiving the hash value of the characteristic information and the user identifier sent by the terminal;
adding, to the terminal access-right relation, the correspondence between the hash value of the characteristic information and the user identifier.
8. A terminal, characterized by comprising:
a communication module, configured to send to a server an authentication request containing an authentication flag indicating non-first authentication, and to obtain the verification code sent by the server; and to send the salted hash value calculated by the processor to the server, so that the server performs authentication using the salted hash value;
a processor, configured to extract the characteristic information of the terminal and perform a hashing operation on the characteristic information to obtain the hash value of the characteristic information; and to perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain the salted hash value.
9. A server, characterized by comprising:
a communication module, configured to receive an authentication request sent by a terminal, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; and to send the authentication result to the terminal;
a processor, configured to: when it is determined, based on the authentication flag, that the terminal's request is a non-first authentication request, generate a verification code and send the verification code to the terminal; look up, in the terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that has access rights for the user identifier; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; and compare this salted hash value with the salted hash value sent by the terminal to obtain the authentication result.
10. An authentication system, characterized by comprising:
a terminal, configured to send to a server an authentication request containing an authentication flag indicating non-first authentication, and to obtain the verification code sent by the server, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; extract the characteristic information of the terminal, and perform a hashing operation on the characteristic information to obtain the hash value of the characteristic information; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; send the salted hash value to the server; and receive the authentication result sent by the server;
a server, configured to receive the authentication request sent by the terminal; when it is determined, based on the authentication flag, that the terminal's request is a non-first authentication request, generate a verification code and send the verification code to the terminal; look up, in the terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that has access rights for the user identifier; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; compare this salted hash value with the salted hash value sent by the terminal, and send the authentication result to the terminal according to the comparison result.
CN201710591304.3A 2017-07-19 2017-07-19 Authentication method and system, terminal and server Active CN107196972B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710591304.3A CN107196972B (en) 2017-07-19 2017-07-19 Authentication method and system, terminal and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710591304.3A CN107196972B (en) 2017-07-19 2017-07-19 Authentication method and system, terminal and server

Publications (2)

Publication Number Publication Date
CN107196972A true CN107196972A (en) 2017-09-22
CN107196972B CN107196972B (en) 2020-12-22

Family

ID=59883298

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710591304.3A Active CN107196972B (en) 2017-07-19 2017-07-19 Authentication method and system, terminal and server

Country Status (1)

Country Link
CN (1) CN107196972B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107733656A (en) * 2017-10-23 2018-02-23 北京深思数盾科技股份有限公司 A kind of cipher authentication method and device
CN108134770A (en) * 2017-10-19 2018-06-08 黄策 Verify the application layer theft preventing method of short message
CN108566278A (en) * 2018-03-21 2018-09-21 北京金堤科技有限公司 The method and device of data files
CN108763303A (en) * 2018-04-20 2018-11-06 广东省科技基础条件平台中心 Platform verification method, device, computer equipment and storage medium
CN109450917A (en) * 2018-11-28 2019-03-08 珠海金山网络游戏科技有限公司 Account login method, calculates equipment and storage medium at device
CN115600177A (en) * 2022-10-09 2023-01-13 北京金和网络股份有限公司(Cn) Identity authentication method and device, storage medium and electronic equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101500232A (en) * 2009-03-13 2009-08-05 北京华大智宝电子系统有限公司 Method and system for implementing dynamic identity authentication
US20140115340A1 (en) * 2012-10-19 2014-04-24 Samsung Electronics Co., Ltd. Unique device identifier provision method and apparatus
CN103841130A (en) * 2012-11-21 2014-06-04 深圳市腾讯计算机系统有限公司 Verification information pushing method and device, and identity authentication method and device
CN104243155A (en) * 2013-06-18 2014-12-24 腾讯科技(深圳)有限公司 Safety verification method and device
CN104869570A (en) * 2015-04-10 2015-08-26 电子科技大学 Speaking terminal confirmation method based on language channel
CN104901925A (en) * 2014-03-05 2015-09-09 中国移动通信集团北京有限公司 End-user identity authentication method, device and system and terminal device
CN105407074A (en) * 2014-09-11 2016-03-16 腾讯科技(深圳)有限公司 Authentication method, apparatus and system
CN105591743A (en) * 2014-10-23 2016-05-18 腾讯科技(深圳)有限公司 Method and device for carrying out identity authentication through equipment operation features of user terminal
CN106790056A (en) * 2016-12-20 2017-05-31 中国科学院苏州生物医学工程技术研究所 Reduce the method and system of the data theft risk of data bank
CN106878324A (en) * 2017-03-15 2017-06-20 中国联合网络通信集团有限公司 Short message authentication method, short message certification server and terminal

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101500232A (en) * 2009-03-13 2009-08-05 北京华大智宝电子系统有限公司 Method and system for implementing dynamic identity authentication
US20140115340A1 (en) * 2012-10-19 2014-04-24 Samsung Electronics Co., Ltd. Unique device identifier provision method and apparatus
CN103841130A (en) * 2012-11-21 2014-06-04 深圳市腾讯计算机系统有限公司 Verification information pushing method and device, and identity authentication method and device
CN104243155A (en) * 2013-06-18 2014-12-24 腾讯科技(深圳)有限公司 Safety verification method and device
CN104901925A (en) * 2014-03-05 2015-09-09 中国移动通信集团北京有限公司 End-user identity authentication method, device and system and terminal device
CN105407074A (en) * 2014-09-11 2016-03-16 腾讯科技(深圳)有限公司 Authentication method, apparatus and system
CN105591743A (en) * 2014-10-23 2016-05-18 腾讯科技(深圳)有限公司 Method and device for carrying out identity authentication through equipment operation features of user terminal
CN104869570A (en) * 2015-04-10 2015-08-26 电子科技大学 Speaking terminal confirmation method based on language channel
CN106790056A (en) * 2016-12-20 2017-05-31 中国科学院苏州生物医学工程技术研究所 Reduce the method and system of the data theft risk of data bank
CN106878324A (en) * 2017-03-15 2017-06-20 中国联合网络通信集团有限公司 Short message authentication method, short message certification server and terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
龚俭: "《计算机网络安全导论 第2版》", 30 September 2007 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108134770A (en) * 2017-10-19 2018-06-08 黄策 Verify the application layer theft preventing method of short message
CN107733656A (en) * 2017-10-23 2018-02-23 北京深思数盾科技股份有限公司 A kind of cipher authentication method and device
CN108566278A (en) * 2018-03-21 2018-09-21 北京金堤科技有限公司 The method and device of data files
CN108566278B (en) * 2018-03-21 2020-04-14 北京金堤科技有限公司 Data cooperation method and device
CN108763303A (en) * 2018-04-20 2018-11-06 广东省科技基础条件平台中心 Platform verification method, device, computer equipment and storage medium
CN109450917A (en) * 2018-11-28 2019-03-08 珠海金山网络游戏科技有限公司 Account login method, calculates equipment and storage medium at device
CN109450917B (en) * 2018-11-28 2021-11-26 珠海金山网络游戏科技有限公司 Account login method and device, computing equipment and storage medium
CN115600177A (en) * 2022-10-09 2023-01-13 北京金和网络股份有限公司(Cn) Identity authentication method and device, storage medium and electronic equipment
CN115600177B (en) * 2022-10-09 2024-04-16 北京金和网络股份有限公司 Identity authentication method and device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN107196972B (en) 2020-12-22

Similar Documents

Publication Publication Date Title
CN107196972A (en) A kind of authentication method and system, terminal and server
CN105391695B (en) A kind of terminal registration method and method of calibration
CN109492378A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN109450649A (en) Gateway verification method and device based on application program interface and electronic equipment
CN106529952B (en) Verification implementation method and system in data transfer
CN103905194B (en) Identity traceability authentication method and system
CN104618315B (en) A kind of method, apparatus and system of verification information push and Information Authentication
CN102761557B (en) A kind of terminal device authentication method and device
US10270808B1 (en) Auto-generated synthetic identities for simulating population dynamics to detect fraudulent activity
CN109561085A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN104579649A (en) Identity recognition method and system
CN103475484B (en) USB key authentication methods and system
CN101166094A (en) A method for client to automatically log in the server via intelligent encryption mode
CN104767713A (en) Account binding method, server and account binding system
CN111585995B (en) Secure wind control information transmission and processing method and device, computer equipment and storage medium
CN113569263A (en) Secure processing method and device for cross-private-domain data and electronic equipment
CN109067544A (en) A kind of private key verification method, the apparatus and system of soft or hard combination
CN106559386A (en) A kind of authentication method and device
CN106549756A (en) A kind of method and device of encryption
CN114339755A (en) Registration verification method and device, electronic equipment and computer readable storage medium
CN107294981B (en) Authentication method and equipment
CN108764834A (en) Signature method, system, equipment and the medium of electronic contract
CN104144146B (en) A kind of method and system of access website
CN108600259A (en) The certification of equipment and binding method and computer storage media, server
KR101583698B1 (en) Authentication system and method for device attempting connection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant